maybe two reasons: performance caused by flow miss; feature parity L3+ flow table destroy the megaflow aggregation, so if your app has many concurrent sessions like web server, flow miss upcall would make vswitchd corrupted.
iptable is already there, migrating it to ovs flow table needs a lot of extra development, not to say that some advanced features is lost (for example, stateful firewall). However ovs is considering to add some hook to iptable, but in the very early stage yet. Even with that, it is not implemented by ovs datapath flowtable, but by iptable. On Tue, Nov 4, 2014 at 1:07 PM, Li Tianqing <jaze...@163.com> wrote: > ovs is implemented open flow, in ovs, it can see the l3, why do not use ovs? > > -- > Best > Li Tianqing > > At 2014-11-04 11:55:46, "Damon Wang" <damon.dev...@gmail.com> wrote: > > Hi, > > OVS mainly focus on l2 which iptables mainly focus on l3 or higher. > > Damon Wang > > 2014-11-04 11:12 GMT+08:00 Li Tianqing <jaze...@163.com>: >> >> >> >> >> >> >> -- >> Best >> Li Tianqing >> >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
